
ZoneAlarm Firewall updated after DNS patch snafu knocks its users offline

Check Point, the owner of the famous ZoneAlarm Personal Firewall, has released a patched version of its firewall to fix a problem caused when Windows 2000 and XP computers received the July 8, 2008 Windows Updates patch MS08-037. You can read about what happened to me and millions of other ZoneAlarm users in this blog article, which I wrote on July 8, after I used System Restore to get back online. It took several hours of troubleshooting to discover that the ZoneAlarm firewall was the cause of my loss of Internet access. As it turned out, all one had to do to get reconnected was to lower a security slider from high to medium! Doh!

Before I go into the details about why this happened, I want to give you a direct link to the ZoneAlarm download page, where you can download the appropriate upgrade for whichever ZoneAlarm program you are using that caused a loss of Internet access after you applied MS08-037.

The official statement from the ZoneAlarm folks, on July 8, was that you should uninstall the Microsoft patch to get back online! "Bullshit! What's that you say?" They began to change their tone yesterday and issued a patched version of five ZoneAlarm security products that are known to cause this loss of connectivity after installing MS08-037 on Windows 2000 and XP computers (see page linked to above).

So what actually caused ZoneAlarm for Windows 2000 and XP to freak out and deny Internet access to all their firewall users on July 8? Was it a fundamental design flaw? Was it Microsoft's patch being flawed? None of those was the cause. It was because ZoneAlarm uses "undocumented hooks" into the Windows 2000 and XP "kernel" to enforce security against malware infections. Windows Vista closed this undocumented feature and forces security vendors to use other methods to perform their jobs; thus, Vista users were not knocked offline on Tuesday.

So, what really happened is that ZoneAlarm did its job too well, because the "kernel" components that manage Internet connections got altered by the Windows Update "DNS Spoofing" patch, and the nature of that update was so profound that the ZoneAlarm firewall blocked all Internet access believing that the OS had been invaded by malware.

If you have already reduced your ZoneAlarm security slider to Medium, or have uninstalled the Microsoft patch to get back online, I recommend that you download the new ZoneAlarm program that was updated to address the problem, but set a System Restore Point first (XP only). That way, if the updated ZoneAlarm program is still buggy, you can roll back to the previous version and leave the slider at Medium until they produce a stable upgrade. If you uninstalled the MS08-037 patch, you should reinstall it via Windows Updates.

This is all in flux right now. I will post a follow-up to this once the dust settles.
